This topic presents frequently asked questions and answers about Administration Portal.
What is the difference between hybrid WAN deployment and SD-WAN deployment?
Are passwords that I configure for tenant users stored in the database?
I forgot my password and I am unable to log in. What should I do?
What is the default password for Contrail Service Orchestration (CSO)?
How do I get started with configuring the Cloud CPE Solution?
How do I know whether Administration Portal has created an object successfully?
How can I view information about or perform actions on a specific object, such as a tenant?
What is the difference between stage-1 and stage-2 configuration?
What is the expected switchover time for traffic that breaches the SLA in an SD-WAN implementation?
How do I monitor the progress of a device activation during stage-1 configuration?
Can I configure APN setting while onboarding the CPE device?
In a hybrid-WAN environment, the CPE device provides connectivity between multiple sites of the same tenant. Each site can have up to two WAN links, of which one is an MPLS link while the other can be an Internet link. By default, the site traffic goes through the MPLS link. If the MPLS connection fails, the site traffic goes through an IPsec tunnel created over an Internet link. In an SD-WAN deployment, the CPE device provides software-defined WAN connectivity services for each site of the tenant. Each site can have up to four WAN links and supports both MPLS and internet links. A tenant can create intent-based policies to define SLA requirements for various applications; these policies help the tenant manage the use of WAN links by each application.
The workflow to configure an SD-WAN deployment is as follows:
If the authentication method for tenants is local, the passwords are stored in the local keystone database. If the authentication is done by using an SSO server, the passwords are not stored locally.
You can reset your password from the login page. Access the login page and enter your username in the first field (Username). Click the Forgot Password? link and follow the instructions to reset your password.
There is no default password. When an account is created for you, you receive an account activation e-mail that contains a link to access the portal. You can access the portal by using the link and set a password of your choice. If you forget your password, you must reset the password by using the forgot password option.
See the Quick Start Guide for instructions to get started with CSO.
When you finish creating an object, a message detailing the status of the object creation appears at the top of the page. The object then appears in the table on the page for that type of object.
The Administration Portal menu bar is displayed on the left side of every page and has the following entries at the first level:
Dashboard
Monitor
Resources
Configuration
Tenants
Administration
Depending on the object, select the first-level menu item and, if applicable, select the second-level menu item to access the page for that object. For example, you can access tenants by selecting Tenants (first level), and access devices by selecting Resources and then Tenant Devices (second level). You can then select objects and perform various actions related to those objects.
In addition, on the Jobs page (Monitor > Jobs), you can view information about the different jobs that are triggered.
You can import a JSON file of data for multiple tenants, or multiple CPE devices. You can also create a single object by clicking the add (+) icon on the main page for that object.
No. Only tenant administrators can activate devices.
Only tenant administrators can add sites. In CSO Release 5.0.0 onward, sites are configured as part of the Add Site workflow and only tenant administrators have access to it.
You can upload licenses from the Licenses page (Administration > Licenses).
From CSO Release 3.1R1 onward, you can also upload and install vSRX and SRX Series licenses for VNFs and CPE devices through the license tool, license_install_util.sh. For more information, see Installing Licenses with the License Tool section in the Deployment Guide.
From CSO Release 3.3 R1 onward, you can push licenses to CPE devices from the Licenses page (Administration > Licenses).
When you drag and drop a service on to an attachment point, you can specify configuration parameters for the services. After specifying the parameters, click Save to save the configuration without deploying it; you can then deploy the configuration later. Click Deploy to save and deploy the configuration.
A provider hub, known as cloud hub in previous, on-premise releases of CSO, is the tenant's view of the shared hub, which references the services provider (MSP) device. In CSO Release 5.0.0, the provider hub device is owned and managed by Juniper Networks. Tenants can select an available provider hub device when they create provider hub sites.
You cannot modify device templates. However, you can clone device templates and create your own template from the Device Templates page (Resources > Device Templates) in Administration Portal.
The initial configuration that allows basic connectivity to a device, which is pushed to the device when it calls home, is called stage-1 configuration. The configuration that is pushed to the device after it has connected to CSO is called stage-2 configuration.
No; specifying an activation code for CPE devices is optional. If you do not want to specify an activation code, on the Template Settings page (Resources > Device Template > Device-Template-Name > Edit Device Template > Template Settings), disable the ACTIVATION_CODE_ENABLED field and save the changes.
Average link metrics are analyzed every one minute, and if the traffic violates the SLA three times, the link is switched. With AppQoE (real-time optimized SD-WAN mode) enabled networks, the switchover time is much faster and the link is switched within few seconds.
A department is a grouping of LAN segments within a site. You use departments to apply specific policies to LAN segments that are members of a department.
Using a Web browser, access the URL for the Network Services Designer. For example, if the IP address of the host on which the Network Service Designer resides is 192.0.2.1, then the URL would be https://192.0.2.1:83/nsd-ui/index.html.
Traffic type profiles enable you to configure class-of-service parameters for various types of traffic based on your specific business requirements. Traffic type profiles enable you to assign priority and service level criteria for traffic types.
You can view the bootstrap logs to monitor the progress of device activation during stage-1 configuration. From CSO Release 4.0.0 onward, the bootstrap (stage-1 configuration and device availability) logs are included in Zero Touch Provisioning (ZTP) job logs.
The loopback IP address is always reachable over the IPsec tunnel and will not change. Even if the WAN interfaces are behind NAT and are assigned private IP addresses (using DHCP), it does not impact the OAM connectivity between the SD-WAN site and the Hub.
By default, an SP administrator does not have access to OpCo. The OpCo administrator must explicitly add the SP administrator user name in the OpCo.
No, you cannot configure the APN setting while onboarding the CPE device. After successful device activation, you can configure the APN setting through stage-2 configuration template.
Since phone-home client (PHC) is not present on SRX4100 and SRX4200 CPE devices, you must manually activate the device by copying the stage-1 configuration from CSO and pasting it to the console of the SRX4100 and SRX4200 CPE device.
If you select the real time-optimized option, all sites in the tenant are connected in full-mesh or hub-and-spoke topology.